1. Technical Field
This disclosure relates generally to securing information in a cloud computing or other shared deployment environment wherein disparate parties share Information Technology (IT) resources.
2. Background of the Related Art
An emerging information technology (IT) delivery model is cloud computing, by which shared resources, software and information are provided over the Internet to computers and other devices on-demand. Cloud computing can significantly reduce IT costs and complexities while improving workload optimization and service delivery. Cloud compute resources are typically housed in large server farms that run networked applications, typically using a virtualized architecture wherein applications run inside virtual servers, or so-called “virtual machines” (VMs), that are mapped onto physical servers in a data center facility. The virtual machines typically run on top of a hypervisor, which is a control program that allocates physical resources to the virtual machines. The different components may run on different subdomains in different physical cages in different data centers in different parts of the world, all running on different hardware with different proxy, gateway or session management capabilities, and different back-end technologies.
Multiple entities (or “tenants”) share the infrastructure. With this approach, a tenant's application instance is hosted and made available “as-a-service” from Internet-based resources that are accessible, e.g., through a conventional Web browser over HTTP. A cloud compute environment, such as IBM SmartCloud® for Social Business (formerly known as LotusLive), presents to the user as a single unified experience; in operation, the end user logs in once against a centralized authentication component, and then transparently signs on (e.g., via SAML (Security Assertion Markup Language)-based authentication and authorization techniques) into different components of the service.
While multi-tenant, collaborative SaaS (Software-As-A-Service) systems provide significant advantages, the applications supported in such infrastructure may be subject to denial-of-service (DoS) attacks. As used herein, a “denial-of-service” refers to any degradation of a tenant's service to a point below an acceptable response time and/or transaction throughput rate, whether or not the attack leads to a full rejection of service for legitimate users. A denial-of-service may occur deliberately, namely, as a result of an intentional act, or it may occur without direct intention on the part of the accessor(s) (the calling clients) whose activity creates the situation.
Application denial-of-service is very difficult to combat with traditional mechanisms for throttling DoS attacks. Thus, for example, seemingly legitimate API calls can result in a large amount of resources being consumed within the application to handle the request. Indeed, even a relatively small number of requests can tie up resources. As an example, a REST-based API can take a JSON payload to trigger a workflow, such as creating activities. When the JSON payload contains many activities, each with many sub-tasks that trigger other API calls, many resources can be tied up processing the resulting API calls. As another example, an attacker can send compressed files that will be very large when decompressed, thereby resulting in memory issues on the application server processing them.
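The two examples above can be made concrete with an admission check that prices a request before the application does any work on it. The following is an added illustration, not part of the disclosure and not the mechanism of the related application; the "activities"/"subtasks" schema, the limits, and all function names are assumptions.

```python
import gzip
import json
import zlib

MAX_API_CALLS = 100          # assumed per-request budget of downstream API calls
MAX_DECOMPRESSED = 1 << 20   # assumed 1 MiB cap on decompressed upload size


def fanout_cost(node, budget=MAX_API_CALLS):
    """Count the calls a workflow payload would trigger, stopping at budget + 1.

    Assumed schema: an activity is a dict with an optional "subtasks" list of
    further activities; every dict costs one downstream API call.
    """
    cost, stack = 0, [node]          # iterative walk: deep nesting cannot
    while stack and cost <= budget:  # exhaust the interpreter's call stack
        item = stack.pop()
        if isinstance(item, dict):
            cost += 1
            sub = item.get("subtasks")
            if isinstance(sub, list):
                stack.extend(sub)
        elif isinstance(item, list):
            stack.extend(item)
    return cost


def admit_workflow(raw_json, budget=MAX_API_CALLS):
    """Return True only if the payload's fan-out fits within the budget."""
    payload = json.loads(raw_json)
    return fanout_cost(payload.get("activities", []), budget) <= budget


def bounded_gunzip(data, limit=MAX_DECOMPRESSED):
    """Inflate a single-member gzip stream, refusing output above limit bytes."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16 + MAX_WBITS = gzip framing
    out = d.decompress(data, limit + 1)          # inflate at most limit + 1 bytes
    if len(out) > limit:
        raise ValueError("decompressed size exceeds limit")
    if not d.eof:
        raise ValueError("truncated gzip stream")
    return out


# Constructed sample: 10 activities, each with 20 sub-tasks (210 calls in total).
SAMPLE = json.dumps({"activities": [
    {"name": f"a{i}", "subtasks": [{"name": f"s{j}"} for j in range(20)]}
    for i in range(10)]})
# Constructed sample: 10 MiB of zero bytes, which gzip shrinks to about 10 KB.
BOMB = gzip.compress(b"\0" * (10 << 20))
```

Both checks stop early: the fan-out walk ends as soon as the budget is exceeded, and the decompressor never materializes more than one byte past the limit.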
A denial-of-service attack in a shared tenant infrastructure can have serious consequences. It may prevent legitimate users and usage of the service from continuing with acceptable response time and transaction throughput rates. Such attacks can lead to rejection of service for legitimate users and thereby create business-impacting support situations.
A denial-of-service attack prevention mechanism that works by creating profiles for accessors, and then taking actions based on limits in such profiles being reached, is described in the related application identified above. While that technique provides significant advantages, there remains a need for other types of denial-of-service attack prevention or mitigation in a shared, multi-tenant SaaS environment.